udp2raw

Some buffer overflow issues

Open firmianay opened this issue 2 years ago • 3 comments

hi, great project!

  1. The program has a buffer overflow problem that may not exist in reality when parsing the command line parameter "-k, --key"
```cpp
int my_init_keys(const char * user_passwd,int is_client)
{
	char tmp[1000]="";	// fixed-size stack buffer
	int len=strlen(user_passwd);

	// unbounded copy: overflows tmp once strlen(user_passwd) reaches 1000
	strcat(tmp,user_passwd);

	strcat(tmp,"key1");
```

```
[2022-07-07 15:57:34][INFO]remote_ip=[127.0.0.1], make sure this is a vaild IP address
[2022-07-07 15:57:34][INFO]const_id:8e6c177a
*** buffer overflow detected ***: terminated
[1]    573646 abort (core dumped)  ./udp2raw -c -l 127.0.0.1:80 -r 127.0.0.1:80 -k 
```
  2. Command line parameter -l or -r will make ip_addr_str overflow.

```cpp
int address_t::from_str(char *str)
{
	char ip_addr_str[100];u32_t port;
	mylog(log_info,"parsing address: %s\n",str);
	int is_ipv6=0;
...
	// %[^:] has no field width: a host part of 100 or more bytes overflows ip_addr_str
	else if(sscanf(str, "%[^:]:%u", ip_addr_str,&port)==2)
	{
		mylog(log_info,"its an ipv4 adress\n");
		inner.ipv4.sin_family=AF_INET;
	}
```

firmianay, Jul 07 '22 08:07

Limit the length of each token in sscanf.

see https://github.com/HiGarfield/udp2raw/blob/f3127d77798d239fddf5ebb46b2c9d1eac83f6e5/common.cpp#L18

HiGarfield, Jul 08 '22 15:07
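The width-limited `sscanf` suggested in the comment above, together with a bounded replacement for the `strcat` pair from the report, as an added example (not code from udp2raw or from the linked fork). `parse_endpoint`, `build_key_input` and `HOST_BUF` are hypothetical names, and the inputs in `main` are constructed.

```cpp
#include <cstdio>
#include <cstring>

#define HOST_BUF 100  // same size as ip_addr_str in the report

// Hypothetical helper (not udp2raw code): parse "host:port" into a fixed buffer.
// Returns 0 on success, -1 on malformed or over-long input.
static int parse_endpoint(const char *str, char host[HOST_BUF], unsigned *port)
{
    unsigned p = 0;
    int used = 0;
    // %99[^:] stores at most 99 bytes plus the NUL. If the host part is longer,
    // the next input byte is not ':' and the match stops after 1 conversion.
    // %5u caps the digit count so the value cannot overflow; %n records bytes consumed.
    if (sscanf(str, "%99[^:]:%5u%n", host, &p, &used) != 2)
        return -1;
    if (str[used] != '\0' || p > 65535)  // trailing junk or out-of-range port
        return -1;
    *port = p;
    return 0;
}

// Hypothetical helper: bounded replacement for the two strcat() calls.
// Returns 0 on success, -1 if passwd plus suffix does not fit in out.
static int build_key_input(const char *passwd, const char *suffix, char *out, size_t out_sz)
{
    int n = snprintf(out, out_sz, "%s%s", passwd, suffix);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : 0;
}

int main(void)
{
    char host[HOST_BUF], key[1000], big[1200];
    unsigned port = 0;
    memset(big, 'A', sizeof big - 1);  // constructed over-long argument
    big[sizeof big - 1] = '\0';
    printf("normal   : %d\n", parse_endpoint("127.0.0.1:80", host, &port));
    printf("too long : %d\n", parse_endpoint(big, host, &port));
    printf("key ok   : %d\n", build_key_input("secret", "key1", key, sizeof key));
    printf("key long : %d\n", build_key_input(big, "key1", key, sizeof key));
    return 0;
}
```

Rejecting over-long input instead of silently truncating it keeps a mistyped address or key from being accepted in shortened form.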

Those two functions only parse local parameters which are input by you locally. They never parse parameters from the internet.

So I guess that's not a big deal?

wangyu-, Jul 08 '22 15:07

Yes, it's not a big problem right now, but it leaves a hidden danger: if in the future the function is used to resolve addresses from outside, there will be problems. So it is recommended to fix this little bug to avoid future problems.

firmianay, Jul 09 '22 11:07